1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • Re: [SECURITY] [DSA 2521-1] libxml2 security update

    From Steve Dispensa@1:229/2 to Moritz Muehlenhoff on Sat Aug 4 20:50:02 2012
    XPost: linux.debian.security
    From: [email protected]

    My guess is libpfhttphook is not vulnerable. I'd like to hear from someone else tho.

    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679280

    -Steve

    Sent from my phone

    On Aug 4, 2012, at 12:31, "Moritz Muehlenhoff" <[email protected]> wrote:

    CVE-2012-2807


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From Moritz Muehlenhoff@1:229/2 to All on Sat Aug 4 19:30:02 2012
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2521-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff August 04, 2012 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libxml2
    Vulnerability : integer overflows
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2012-2807

    Jueri Aedla discovered several integer overflows in libxml, which could
    lead to the execution of arbitrary code or denial of service.

    For the stable distribution (squeeze), this problem has been fixed in
    version 2.7.8.dfsg-2+squeeze5.

    For the testing distribution (wheezy) and the unstable distribution (sid),
    this problem has been fixed in version 2.8.0+dfsg1-5.

    We recommend that you upgrade your libxml2 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.12 (GNU/Linux)

    iEYEARECAAYFAlAdWqcACgkQXm3vHE4uylpCeACfablFFsYGtP29hdxffKqUwg6j MrkAnAhfWbDo024e6rYfcrs2hrngEPh3
    =Lr3B
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)